TARGETED ATTACKS DETECTION SYSTEM

Bibliographic details
Main authors: Novikov, Ivan, Ilin, Stepan, Golovko, Alexander
Format: Patent
Language: eng
Description
Summary: Systems and methods for targeted attack detection. A protection system intercepts traffic destined for a protected system and only traffic identified as non-malicious is allowed to pass thereto. Data collection agents (DCAs) instantiated at protected systems report information concerning protected system resources to the protection system, which creates from that information a set of threat attack detection metrics (TADMs) by which it evaluates payloads of the intercepted traffic. In particular, the intercepted traffic is assessed using conventional threat detection approaches to identify suspect payloads. The suspect payloads are additionally evaluated against the TADMs to determine if they contain any references to specific resources of the protected system. For those of the suspect payloads for which the TADM evaluation reveals positive results, the protection system provides an alert that a targeted attack has been recognized.